#Red_Team_Tactics
1. Avoid antivirus by hiding the import table
https://xz.aliyun.com/t/12035
2. Measuring, Reporting On, and Planning For Red Team Maturity
https://www.redteammaturity.com/release-blog
3. Measuring Sliver vs Havoc
https://git.culbertreport.com/posts/Sliver-vs-Havoc
Attachment: Vjw0rm.pdf (5 MB)
#Malware_analysis
How to Analyze JavaScript Malware - A Case Study of Vjw0rm
#exploit
1. CVE-2022-22274:
A stack-based buffer overflow vulnerability in SonicOS
https://github.com/pwneddr/Sonic_CVE-2022-22274_poc
2. CVE-2022-3652:
Race condition in JSCreateLowering, leading to RCE
https://bugs.chromium.org/p/chromium/issues/detail?id=1369871
#Offensive_security
1. .pkg signature verification bypass on macOS
https://sector7.computest.nl/post/2023-01-xar
2. Restoring Dyld Memory Loading
https://blog.xpnsec.com/restoring-dyld-memory-loading
Attachment: TROJANPUZZLE.pdf (2.8 MB)
#Research
"TROJANPUZZLE: Covertly Poisoning Code-Suggestion Models", 2023.
#Threat_Research
DER Entitlements: The (Brief) Return of the Psychic Paper (CVE-2022-42855), by Ivan Fratric, Project Zero
https://googleprojectzero.blogspot.com/2023/01/der-entitlements-brief-return-of.html
Forensia
Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase.
#Unloading Sysmon Driver.
#Gutmann Method File Shredding.
#USNJrnl Disabler.
#Prefetch Disabler.
#Log Eraser and Event log Disabler.
#User Assist Update Time Disabler.
#Access Time Disabler.
#Clear Recent Items
#Clear Shim Cache
#Clear RecentFileCache
#Clear ShellBag
#File Melting Capabilities.
https://system32.ink/news-feed/p/139/
Class
Topic: Sql injection
Time: 8 Pm IST
Details: https://system32.ink/classes
Host: @vanshsec
Invite Link (Web) : https://system32.ink/zoom-meetings/sqli/?pak=QnhXbW50UHpUcnlwUHJ0ekpRYlBlZz09&join=V2NzRklocno1Ylc1YUVyWUVrRFI1QT09&type=meeting&redirect
Please come in large numbers and enjoy the class. Thank you.
Gmailc2
A Fully Undetectable C2 Server That Communicates Via Google SMTP to evade Antivirus Protections and Network Traffic Restrictions.
C2 Feature:
▫️ Persistence (type persist)
▫️ Shell Access
▫️ System Info (type info)
▫️ More Features Will Be Added
Features:
▫️ FUD Ratio 0/40
▫️ Bypass any EDR solution
▫️ Bypass any network restrictions
▫️ Commands are sent in Base64 and decoded on the server side
▫️ No more TCP shit
https://system32.ink/news-feed/p/151/
#tools
#Red_Team_Tactics
1. Forensia - Anti Forensics Tool For Red Teamers, Used For Erasing Footprints In The Post Exploitation Phase
https://github.com/PaulNorman01/Forensia
2. VirusTotalC2 - Abusing VirusTotal API to host C2 traffic
https://github.com/D1rkMtr/VirusTotalC2
Attachment: attacking_safari_2022.pdf (1.4 MB)
#Threat_Research
"Attacking Safari in 2022".
#Malware_analysis
Analysis of CVE-2022-42475 (Fortinet advisory FG-IR-22-398, published Dec 12, 2022) - FortiOS heap-based buffer overflow in SSLVPNd
https://www.fortinet.com/blog/psirt-blogs/analysis-of-fg-ir-22-398-fortios-heap-based-buffer-overflow-in-sslvpnd
#exploit
1. Redis 6.0.16 - RCE
https://medium.com/@emil.lerner/hacking-redis-for-fun-and-ctf-points-3450c351bec1
2. Linux kernel exploit development
https://breaking-bits.gitbook.io/breaking-bits/exploit-development/linux-kernel-exploit-development?s=09
Attachment: Chronos.pdf (805.8 KB)
#Research
"CHRONOS: Time-Aware Zero-Shot Identification of Libraries from Vulnerability Reports", 2023.
Repo: https://github.com/soarsmu/Chronos